July 2012

July 31, 2012

Some years ago, John and I had the pleasure of having dinner with Laura Zubulake, who was the plaintiff in the seminal e-discovery case, Zubulake v. UBS Warburg. The case spawned a number of important opinions and has undoubtedly been taught more than any other in e-discovery classes and seminars throughout the country.

When John and I had dinner with Laura, knowing that she had finally settled her case rather than face an appeal, we unabashedly asked if she would reveal the amount of the settlement. She good-naturedly declined, and for legal reasons could not tell us, but she let us know that she would never have to work again. We both laughed, a bit wistfully I think!

Laura is very candid in “Zubulake's e-Discovery” – she acknowledges right in the beginning that the case consumed, obsessed and even possessed her. Her highly-detailed account spins out the story of this famous case, starting with a fascinating look at Wall Street (‘the Street’ to those who work there) much of which was unknown territory to me.

I am reluctant to spill the beans on the whole story, but most people involved in e-discovery will know that Laura wisely preserved some e-mails that did not appear in UBS Warburg’s discovery production. This led to the opening salvo in a protracted series of legal battles overseen by Judge Shira Scheindlin of the Southern District of New York, who became the first “rock star” judge in e-discovery.

The e-discovery landscape was barren indeed until what should have been a garden variety gender discrimination case became an e-discovery war zone. Suddenly, we had a spate of opinions outlining a party’s duties in e-discovery, what is and is not inaccessible (an ever-evolving standard), cost-shifting and e-discovery actions which might justify an adverse inference instruction.

It could not have been easy to take on UBS Warburg and to fight a battle which lasted for years. Laura includes many quotes that were meaningful to her in her journey, but I particularly liked this one by Winston Churchill (which guided me in my own life):

“Never give in. Never give in. Never, ever, never, never – in nothing great or small, large or petty – never give in, except to convictions of honor and good sense. Never yield to force. Never yield to the apparently overwhelming might of the enemy.”

Laura did not give in. She fought long and hard and won an amazing victory against a formidable enemy. She settled because it made good sense to do so. It pleases me that our friend won, found peace and is now living happily in New York City - and doesn't need to set an alarm clock for work!

July 30, 2012

Bloomberg has reported that Washington D.C. law firm Wiley Rein LLC was breached last year by Chinese hackers. It was by no means alone in its misery. The European Union council, Halliburton and others suffered the same fate.

Byzantine Candor, the team of hackers responsible, is known in security circles as the Comment group for its trademark of infiltrating computers using hidden webpage computer code known as “comments.”

30 North American security researchers watched the hackers work and documented their findings. 20 victims were identified, many of whom had data that could give China an advantage as it seeks to become the world's largest economy. The targets included lawyers pursuing trade claims against the country’s exporters and an energy company getting ready to drill in waters claimed by China.

A former FBI official calls the hackers' activity "the biggest vacuuming up of U.S. proprietary data that we’ve ever seen. It’s a machine.”

Exploiting a hole in the hackers’ own security, the researchers created a digital diary, logging the intruders’ every move as they snuck into networks, shut off anti-virus systems, camouflaged themselves as system administrators and covered their tracks, making them invisible to their victims.

Byzantine Candor was linked to China’s military, the People’s Liberation Army, by a 2008 diplomatic cable released by WikiLeaks. Two former intelligence officials verified the essence of the document. The hacking group has been active at least since 2002 and is thought to have penetrated more than 1000 entities.

National Security Agency director Keith Alexander said earlier in July that cyber espionage constitutes “the greatest transfer of wealth in history,” and cited a figure of $1 trillion spent globally every year by companies trying to protect themselves.

Of the 10 Comment group victims reached by Bloomberg, those who learned of the hacks chose not to disclose them publicly, and three said they were unaware they’d been hacked until contacted for this story.

Wiley Rein apparently did know, according to the Bloomberg story.

Dale Hausman, Wiley Rein’s general counsel, said he couldn’t comment on how the breach affected the firm or its clients. Wiley Rein has since strengthened its network security, Hausman said. Well, that's good - if a tad late. My question is - and I'd sure like an answer - did the firm notify its clients? D.C. does have a data breach notification law - and most experts believe that ethical rules require firms to notify clients. Anyone from Wiley Rein want to comment?

July 26, 2012

Bruce Olson and I will be answering that very question next week in an upcoming ALI webinar. The webinar is on Tuesday, July 31st at noon Eastern time. Bruce was formerly a noted litigator and is now the President of Onlaw Trial Technologies, LLC. We have often written and spoken together and actually gave an earlier version of this presentation at ABA TECHSHOW.

Though we give some general advice about the lifecycle of a small case and how to handle it, I think the most striking feature of this webinar is the showcasing of software that attorneys can use to handle e-discovery in small cases. Software vendors have made extraordinary strides in the last few years.

If you work primarily on small cases, this should be an excellent way to bring yourself up to speed. Hope to have you join us!

July 25, 2012

Now why would you need to design a hacking tool that looks like a power strip? Yes, that's what I thought too. So make sure your information security folks know to look out for the Power Pwn, whose development was funded in part by The Defense Advanced Research Projects Agency (DARPA). Yet another hat tip to Dave Ries.

In summary, the device can launch remotely-activated Wi-Fi, Bluetooth and Ethernet attacks to identify network vulnerabilities. You can send commands via a Web interface, accessible through the Power Pwn's built-in 3G radio or directly text message the device. Lazy? Heck, you can even use Siri.

For a mere $1,295, you too can own a device which will alert you to security deficiencies but is also perfect for hacking a corporate network. Read the story from ZDNet. The device is expected to ship at the end of September and is made by Pwnie Express, whose CEO said that 90% of the company's clients are commercial or federal organizations. That bothers me in and of itself, but it's the remaining 10% I'm really worried about.

DARPA apparently calls this a cyber-security defense tool. In the right hands, sure - but once again, why the form factor of the power strip? I'd say I don't get it, but then again, I do.

July 24, 2012

Has the world gone mad? Many of us remain shell-shocked by the slaughter in an Aurora, Colorado movie theater. Sadly, the madness happens on a smaller scale every day. Hat tip to friend Jennifer Ellis for sending me this appalling story.

CNN reported last week that Malik Jones, 16, was allegedly playing a game called "pick 'em out and knock 'em out" when he punched Delfino Mora, 62, in his jaw, knocking him to the ground, where the back of his head was cracked by concrete. In what sort of world do we live where this is a teenage game? Sigh.

Nicholas Ayala, 17, and Anthony Malcolm, 18, used Jones' cell phone camera to record the Chicago attack, picking up the loud crack of Mora's head hitting the cement. "I think I'm going to knock this guy out," Jones is heard saying on the video.

Mora, the father of 12, was collecting aluminum cans and scrap metal to sell in an alley near his north Chicago home when Jones attacked him. Mora, who was collecting the cans and metal to supplement his social security income, died in St. Francis Hospital the next day from cranial-cerebral injury, blunt head trauma and asthma, according to the Cook County medical examiner.

Jones, who is apparently as stupid as he is heinous, posted the video on his Facebook page, where it was seen by someone else who had been victimized by Jones, ultimately leading the police to the teenagers.

All three teens were ordered held without bail until their next court date on August 3rd. They are being charged as adults with first-degree murder.

While there has always been cruelty among teenagers and young adults, it nonetheless seems as though societal forces of some kind have dehumanized many young people. I know there are a lot of smart people trying to figure how this has happened and how to correct it. I hope they work harder and faster. I take little consolation in the fact that their stupidity gives us the electronic evidence with which to convict them. There are too many lives wasted and too many lives cut short.

July 23, 2012

Back in May of 2012, Facebook was sued for $15 billion for improperly tracking users even after they logged off the social network. John and I were pleased to welcome as our guest, attorney David Straite, a partner at Stewarts Law U.S. LLP, Head of Investor Protection Litigation and co-lead counsel in the Facebook internet tracking case, to discuss the main issues of this case. We talked about digital privacy litigation, the current statutory and common law involved in this case, calculation of damages and the future of digital privacy rights.

July 19, 2012

According to a New York Times report, the Food and Drug Administration conducted a massive e-mail surveillance mission against its own scientists. You may recall that President Nixon had an "enemies list." So, apparently, does the FDA.

While the initial surveillance was narrow and involved five scientists believed to be leaking confidential information, 80,000 pages of computer documents show that by 2010 it had evolved into a broad campaign to counter outside critics of the agency's medical review process. The "enemies list" grew to encompass 21 FDA employees, Congressional officials, outside medical researchers and journalists the FDA believed were working together to put out negative and "defamatory" information.

Using spyware, the FDA tracked via keystroke logging everything the five original scientists did on their government laptops whether at home or at work, whether the communications were personal or business.

Aghast as I was by the rampant surveillance, there was a bit of a giggle in all this. The FDA was undone by one of its own document handling contractors who inadvertently posted the documents collected in this effort on a public website.

While monitoring employees is ok under many circumstances, it looks like the FDA may have "crossed the line" by intercepting communications specifically protected by law, including attorney-client communications, whistle-blower complaints to Congress and workplace grievances.

The White House Office of Management and Budget took the unusual step of issuing a government-wide memo last month emphasizing that employee monitoring could not be used to intimidate whistle-blowers using appropriate channels to disclose wrongdoing. A trip to the White House wood shed may be forthcoming - lawsuits on behalf of the scientists are already in court.

July 18, 2012

Our friend and RTL Sharon Nelson reported on Monday in Ride the Lightning that heavyweight ISPs have come together to form the Center for Copyright Information - an ISP level effort that will filter copyright protected material. Why not block child pornography at the ISP level in the same way, using the same technology and collaborative effort? Federal law already requires Internet service providers to report child pornography when they identify it. Information should flow both ways - from the ISPs to the National Center for Missing and Exploited Children (NCMEC) to be distributed to law enforcement agencies for investigation and back to ISPs once the images are validated by law enforcement as actual minors. The NCMEC maintains an enormous database of hash values that correspond to ‘identified minors.’ These images could be blocked from distribution at the ISP level and in so doing save the children depicted in the images the continued victimization they experience every time they are distributed and viewed.

Blocking the images will cut down the number of images in circulation, leaving only new images for law enforcement to investigate. That way, resources can be directed toward newly created child abuse images. The more recently created the images, the more at risk the child and the more likely it is that the child is still being victimized. If law enforcement can focus efforts on recently created images instead of investigating distribution and possession of older ones, they have a greater chance of preventing future harm.

If copyright infringement can inspire collaboration among ISPs, the cause of protecting children should redouble their efforts. Given that the hash database already exists, the ISPs are collaborating in the copyright effort and have apparently developed the technology - filtering the known images should be a snap. To us, this is a win for everyone.

July 17, 2012

As many readers are no doubt aware, there is a class action lawsuit against Facebook for using browser cookies to track users even when they were logged out of Facebook. According to Facebook, this practice has been discontinued.

When John and I spoke on digital forensics at a recent conference in Delaware, I was delighted to meet David Straite of Stewarts Law (headquartered in London) who is the co-lead counsel in the Facebook litigation. David has kindly agreed to be a guest on our Legal Talk Network Digital Detectives podcast, which should be up by next week.

MIT's Technology Review recently published an article highlighting David's work, calling him something of a pioneer in the area of Internet privacy. It should be a fascinating conversation - I'll be sure to write a post when the podcast is released by Legal Talk Network - and a shout-out to LTN for always being willing to address controversial issues!

July 16, 2012

It might be. According to a commentary published by CNN, there is a new alliance among America's biggest ISPs and media giants such as Disney, Sony and Fox, which is to go into effect this month. The effort, dubbed the Center for Copyright Information, hopes to combat the illegal downloading and sharing of movies and music by monitoring it at the source - your computer.

The plan was to begin quietly monitoring users' computers for copyright violations on July 1st. The ISPs have agreed to implement a standardized "graduated response plan" through which offending users are warned, restricted and eventually cut off from the Internet for successive violations.

If your teenage son or daughter is downloading illegal movies or music from your house, you may be the one who is held "guilty." Ditto if you have an open wireless which your neighbors use.

In essence, subscribers will lose their expectation of privacy from their own service providers. What does that mean for businesses that pass sensitive information? How about lawyers, financial institutions and health care providers?

What's to stop an ISP (or a greedy employee) from monitoring more than copyright violations? This doesn't seem at all far-fetched to me in a world where I would once have said that Murdoch's shady reporters couldn't possibly bribe Scotland Yard.

It is entirely possible that some businesses will choose to use ISPs outside the U.S.

Sensei Enterprises, Inc.

3975 University Drive
Suite 225
Fairfax, VA 22030
703.359.0700

Disclaimer

This blog is intended to impart general information and does not offer specific legal advice. Use of this blog does not create an attorney-client relationship. If you require legal advice, consult an attorney.